Hi Brett,

Not sure if you received a response to this yet. The bridge mail was delayed over the break for some reason.

If you haven't been able to get it up and running yet, there are a couple of things that you might want to check. As the return requests are coming back to the proxy server, you'll also need to allow port 80 out for the proxy, access to the input chain for established connections returning from port 80, and then from the proxy to the client. You'll also need to be sure that the proxy box has firewall access to a name server for resolution and, needless to say, an IP assigned to the bridge.

iptables -A OUTPUT -o eth1 -p tcp -s bridgeproxyIP --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -d bridgeproxyIP --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -d xxx.xxx.xxx.xxx/24 -s bridgeproxyIP --sport 3128 -m state --state ESTABLISHED,RELATED -j ACCEPT
--- assuming eth1 is your internet interface, eth0 your internal LAN & xxx.xxx.xxx.xxx/24 is your subnet range with a 24 bit mask. ---

That should do the trick... I think ???

Lewis Shobbrook
FastTrack Pty. Ltd.
Phone: +61 3 9866 8700
Fax: +61 3 9820 0276

> Reply-To: "Network Administrator" <[EMAIL PROTECTED]>
> From: "Network Administrator" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Date: Thu, 19 Dec 2002 12:24:15 -0500
> Organization: WireFire Internet Services
> Subject: [Bridge] Bridging Firewall/Proxy
>
> I couldn't find a clear answer to this one in the list....
>
> I am attempting to create a transparent squid proxy. I have the bridge all set up, iptables works fine. The problem I have run into is that when I try to redirect port 80 to port 3128 nothing ever comes back to me.
>
> Here is my setup:
>
> eth0--------eth1 ( this is the bridge "br0" )
> eth2 (public ip address for squid to use)
>
> I am connected to eth0, eth1 & eth2 go to the LAN.
>
> I tried the following iptables rules, which I got from "Transparent Proxy with Linux and Squid mini-HOWTO"
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
> iptables -A INPUT -i eth0 -p tcp --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> Any Ideas?
>
> Thanks,
> Brett Carroll
> Network Administrator
> WireFire Internet Service
> [EMAIL PROTECTED]

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
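The rules from both messages (Brett's PREROUTING redirect and INPUT rule, plus Lewis's return-path rules and the name-server access he mentions) collected into one script, as an added example that is not from the thread. It assumes eth1 is the Internet side, eth0 the LAN side, Squid on port 3128 and DNS on port 53; the interface names, subnet and proxy address are placeholders you override with environment variables.

```shell
#!/bin/sh
# Generate the iptables rule set for a transparent Squid proxy on a bridge.
# Added example, not code from the thread. Assumed layout: $wan = Internet
# interface, $lan = LAN interface, $proxy = the IP assigned to the bridge.
set -eu

gen_rules() {
    wan=$1; lan=$2; subnet=$3; proxy=$4; port=${5:-3128}
    cat <<EOF
# Redirect LAN web traffic entering the bridge to the local proxy port
iptables -t nat -A PREROUTING -i $lan -p tcp -s $subnet --dport 80 -j REDIRECT --to-port $port
# Accept the redirected client connections on the proxy port
iptables -A INPUT -i $lan -p tcp -s $subnet -d $proxy --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT
# Let the proxy itself open connections to origin servers on port 80
iptables -A OUTPUT -o $wan -p tcp -s $proxy --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Accept the replies coming back from port 80 to the proxy
iptables -A INPUT -i $wan -p tcp -d $proxy --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Replies from the proxy back to the LAN clients
iptables -A OUTPUT -o $lan -p tcp -s $proxy -d $subnet --sport $port -m state --state ESTABLISHED,RELATED -j ACCEPT
# The proxy must be able to resolve names (UDP and TCP 53)
iptables -A OUTPUT -o $wan -p udp -s $proxy --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $wan -p udp -d $proxy --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $wan -p tcp -s $proxy --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $wan -p tcp -d $proxy --sport 53 -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Number of rules in a generated set: a quick sanity check before applying it
count_rules() { gen_rules "$@" | grep -c '^iptables'; }

# Print the rule set for review; placeholder defaults, override via the environment
gen_rules "${WAN:-eth1}" "${LAN:-eth0}" "${SUBNET:-192.168.1.0/24}" "${PROXY:-192.168.1.2}" "${PORT:-3128}"
```

Review the printed rules against your own interface names, then pipe the output into sh as root to apply them.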
